Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»HACKING NEWS»$ 7.5m kilo X hacking inside
HACKING NEWS

$ 7.5m kilo X hacking inside

By Crypto FlexsJune 15, 20253 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
$ 7.5m kilo X hacking inside
Share
Facebook Twitter LinkedIn Pinterest Email

On April 14, 2025, the KiloEX protocol suffered a loss of $ 7.5 million for significant violations of security. This event comes from the Oracle operation attack and emphasizes the important vulnerabilities of the protocol access control mechanism. Let’s find out what happened and what we can learn.

Root cause

The root of the exploit was the access control of the protocol. MinimalForwardercontract. Contract inherited from Openzeppelin ‘s MinimalForwarderUpgradeable It contains vulnerabilities executeA function that does not correctly check the signature of the data provided.

Trust model

The KiloEX protocol was operated as a complex trust model related to multiple contracts.

  • KilopriceFeed → Goalkeeper
  • Goalkeeper → Position Keeper
  • Position Keeper → Minimum forward
  • Minimum forward → Unlimited access

Critical defects are in the final link of this chain. MinimalForwarder contract I trusted the request that comes in.

Attack vector

The attacker exploited vulnerabilities by producing malicious transactions that detour intended access controls. You just need to offer the attack successfully.

  1. valid from Address (it can be obtained from previous transactions)
  2. valid signature (Also observed in the warm chain data)
  3. All arbitrary to Address (in this case Position keeper))
  4. custom data To run the function

Especially this attack MinimalForwarder The contract was not transparent and could not be found on the BSC or base.

Running attack

The attacker has been exploited through a series of calculated stages.

  1. We manipulated Oracle to lower asset prices.
  2. I opened a long position at an artificially low price.
  3. In order to raise the price, we manipulated Oracle again.
  4. Closed location for significant profits

Influence and meaning

This case reminds me of some important security principles.

  1. Access control is important Even inherited contracts require careful review and potential modifications to meet specific security requirements.
  2. Trust model verification -The complex trust relationship between contracts requires thorough verification at each stage.
  3. Oracle security -The price feed mechanism remains an important attack vector in the Defi protocol.

Evidence

The attack has been run in several chains.

Binance Smart Chain:

base:

Main takeout

  • Always review and test inherited contracts, especially access control mechanisms.
  • For security analysis, you should be able to identify and access contract implementation.
  • It is dangerous to rely on a single access control point. Implement a deep defense.

conclusion

For protocols to prevent similar events:

  1. Implement a strong signature verification in the contract delivery
  2. Keep a clear document on trust relationship between contracts
  3. Regular security audit focused on access control mechanisms
  4. Consider the implementation of the circuit breaker for significant price fluctuations.

This event shows the potential result of overlooking the importance of thorough security and the development of smart contracts.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

The mindset of Retail Investors

July 3, 2025

$ 90m NOBITEX HACK: Fault by layer

July 1, 2025

Safe smart account audit summary

June 27, 2025
Add A Comment

Comments are closed.

Recent Posts

GUNZ Announces $GUN Token Expansion To Solana

July 7, 2025

NEXST Launches Web3 VR Entertainment Platform With K-Pop Group UNIS As First Global Partner

July 7, 2025

Elon Musk announces that his “American Party” will accept Bitcoin and criticizes Trump’s financial bill.

July 7, 2025

From Wall Street to Wallet: Ark Defai redefines financial architecture.

July 7, 2025

What Every Investor Should Know

July 6, 2025

Protecting Your Portfolio In A Volatile Market

July 6, 2025

A Trader’s Guide To Smarter Moves

July 6, 2025

Crypto Price Prediction Strategies – How Traders Forecast The Market

July 6, 2025

Causes, History, And How To Survive

July 6, 2025

A Guide To High-Risk, High-Reward Strategies

July 6, 2025

Ethereum MVRV has 1.20–1.25 and suggests that Market Peak is not visible.

July 6, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

GUNZ Announces $GUN Token Expansion To Solana

July 7, 2025

NEXST Launches Web3 VR Entertainment Platform With K-Pop Group UNIS As First Global Partner

July 7, 2025

Elon Musk announces that his “American Party” will accept Bitcoin and criticizes Trump’s financial bill.

July 7, 2025
Most Popular

Money B, Guapdad 4000 Release NFT Track ‘Sit Next to Me’ on Gala Music

June 28, 2024

Cardano: The impact assessment of 190m whale behavior on the price of ADA

March 20, 2025

NEXT BASKET announces NEBA token to strengthen Web3 e-commerce ecosystem

January 17, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.